Exim Miscellany
This page covers a number of topics that are unrelated to the other web pages. Some of the articles are short, and not all controllable features have been documented as they are very specialized; again I point you to the official web site.
There are three issues that Exim must address
You normally configure a specific user and group for Exim. You can define the user when you compile the source, using the "EXIM_USER=<user>" option in the makefile, or with the "exim_user=<user>" option in the configuration file.
To allow other users to administer Exim, add them to the Exim group and change the permissions on some of the files.
Exim requires root privilege to configure the Exim daemon to listen on port 25 (a privileged port) and to access other users' forward files, as these are accessible only with the users' own privilege. To achieve this the Exim binary has setuid set, which means that whenever the program is started the effective uid is changed to root. The root privilege is given up when it is no longer needed, for example when receiving messages from any source. It is generally a bad idea to run local deliveries as root as this requires too much privilege; you can limit the privileges by using the "never_users = root" option. This can be overridden by the build-time variable fixed_never_users (which itself can never be overridden).
Exim uses two kinds of users, trusted and admin; both allow you to perform privileged functions within Exim.
Trusted users may override certain information when submitting messages via the command line (the Exim and root users are automatically trusted). The trusted_users option allows the listed users to use privileged options on the command line.
trusted_users | trusted_users = uucp : pvalle
                # You can now use the privileged option -f on the command line
                Note: using -f overrides the automatically generated sender address, if you have the privilege |
You can use the option untrusted_set_sender to specify the addresses that untrusted users are allowed to set.
untrusted_set_sender | untrusted_set_sender = ^$sender_ident-
                       Note: restricts users to setting senders that start with their login id followed by a hyphen |
Admin users are allowed to set options that affect the running of Exim (start a daemon, remove messages). By default the Exim user and root are admin users; you allow other users admin access by adding them to the Exim group.
You can open up two privileged actions to any user:
Allow any user to start an Exim queue run | prod_requires_admin = false
                                            Note: if set to false then any user may start an Exim queue run by means of the -q option, you can also use the -M option |
View messages on the queue | queue_list_requires_admin = false
                             Note: if set to false any user may list the messages on the queue by means of the -bp option. |
Exim has an option admin_groups which allows groups of users to have admin rights
Admin privileges for groups | admin_groups = sysadmin |
You can override the local wall-clock time zone using the option timezone, which takes its default setting from the TZ environment variable.
Setting the timezone | timezone = UTC |
You can check that enough disk space and inodes are available before accepting a message.
Check there is enough disk space | check_spool_space = 50M |
Check there are enough inodes available | check_spool_inodes = 100 |
Exim checks domain names before passing them to a resolver by matching them against a regular expression specified by the option dns_check_names_pattern. It only permits letters, digits, slashes and hyphens, and requires them to neither start nor end with a hyphen or a slash. If the name contains one of the invalid characters then Exim presumes that DNS returned a "not found". This can cause messages to be retried many times before timing out. You can use two options, dns_retry and dns_retrans, to adjust the timing values of retries and retransmissions.
You can alter the way Exim handles or generates bounce messages, which include the warning messages that are sent after a message has been on the queue for a specified time.
When Exim generates a bounce message it inserts a From: header line specifying the sender as Mailer-daemon at the qualifying domain. This can cause problems as users generally reply to such messages, so you may want to alias Mailer-daemon to postmaster. You can also set the option errors_reply_to, which provides the text for a Reply-To: header.
Reply-To: header | errors_reply_to = postmaster@datadisk.co.uk |
You can also take a copy of a bounced message using the option errors_copy, which can be fine-tuned:
Copy of a bounced message | errors_copy = complaints@datadisk.co.uk postmaster@datadisk.co.uk
                            errors_copy = *@datadisk.co.uk postmaster@datadisk.co.uk |
By default Exim sends a warning message every 24 hours when a message is delayed; this can be adjusted.
Delayed warning messages | delay_warning = 48h         # send a warning message after 48 hours
                           delay_warning = 4h:24h:4w   # send a warning message after 4 hours, then 24 hours, then 4 weeks |
You can change the text of the bounced message (the default is built into the Exim code) using the option bounce_message_text.
Bounced Text | bounce_message_text = For any help please ask your postmaster
               Note: use the Exim website to obtain a bounce_message_file template. |
Exim allows you to change the SMTP banner, which is the initial response the SMTP server sends when a connection is made.
SMTP Banner | smtp_banner = $primary_hostname ESMTP Exim $version_number $tod_full
              smtp_banner = "Datadisk SMTP Server"
              Note: for security reasons, sometimes less information is best |
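The following is an added example, not code from this page or from the Exim project: a small Python audit that reads the main section of an Exim configuration and reports the privilege-widening settings covered above (never_users, the two *_requires_admin switches, trusted_users, admin_groups and the banner). The sample configuration is constructed, and the parser assumes plain "name = value" lines with no macros, includes or continuation lines.

```python
# Added example: audits the main section of an Exim configuration for the
# privilege-widening options described on this page. SAMPLE_CONF is constructed.
SAMPLE_CONF = """\
never_users = daemon : bin
trusted_users = uucp : pvalle
admin_groups = sysadmin
prod_requires_admin = false
queue_list_requires_admin = false
smtp_banner = $primary_hostname ESMTP Exim $version_number $tod_full
timezone = UTC
begin acl
"""

def parse_options(text):
    """Return {option: value} for 'name = value' lines of the main section."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("begin "):      # main section ends at the first 'begin'
            break
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition("=")
        if sep:
            opts[name.strip()] = value.strip()
    return opts

def audit(text):
    """Return (option, finding) pairs for settings that widen privilege."""
    opts = parse_options(text)
    def items(key):                        # colon-separated Exim list -> Python list
        return [v.strip() for v in opts.get(key, "").split(":") if v.strip()]
    findings = []
    if "root" not in items("never_users"):
        findings.append(("never_users", "root is not listed"))
    for key, why in (("prod_requires_admin", "any user may start a queue run (-q, -M)"),
                     ("queue_list_requires_admin", "any user may list the queue (-bp)")):
        if opts.get(key, "true").lower() in ("false", "no"):
            findings.append((key, why))
    for key, why in (("trusted_users", "may override the sender with -f"),
                     ("admin_groups", "members have admin rights")):
        if items(key):
            findings.append((key, why + ": " + ", ".join(items(key))))
    # Assumption: an unset banner discloses the version, like the first banner shown above.
    if "$version_number" in opts.get("smtp_banner", "$version_number"):
        findings.append(("smtp_banner", "banner discloses the Exim version"))
    return findings

if __name__ == "__main__":
    for option, finding in audit(SAMPLE_CONF):
        print(f"{option}: {finding}")
```

Each finding is a setting to justify rather than an error in itself; a site may intentionally list trusted users or an admin group.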